Apple will allow iOS app downloads directly from websites in the EU

[hishnash]

7 hours ago, Sauron said:

That's not their criterion, and their scans as mentioned do not work very well.

10 hours ago, hishnash said:

As a malware scan they work every well, I think you conflating other scenes (like private api usage) that is not part of notarisation scans but part of App Store submission (seperate scan that happens after the malware scan).

 

 

7 hours ago, Sauron said:

Yes, that's how the law should work. Instead Apple blacklists developers based on whether they abide by their own, non legally mandated, terms of service.

The EU make it very clear what they can be blacklisted for and if you feel you have been un-justly blacklisted you can contact the EU team to enquire with apple (you don't need to pay a legal team unless apple think they have a very strong case... apple need to think they have a strong enough case to be worth 10% of annual global revenue if they loos so its a rather strong case).

 

 

7 hours ago, Sauron said:

It's absolutely a security risk because those APIs give you access to operating system functions that a non-root app should not have,

No, private apis are still within your sandbox they do not have access to system entitlements. the sandbox model works at the app process level so sandboxes everything include all the private apis.    

 

 

7 hours ago, Sauron said:

Not to mention this means that any obfuscated code, even malicious code, will not be detected.

Detecting malicious code is very hard, the only way to do this is to look for known code patterns/signatures.   One thing to note with notarisation is even if you app passes the scan if later a malware is found your app can (and is) re-scanned by apple and they can issue a remote kill notice that will deactivate it on all users devices (yes the DMA permits this).  So it's not just about things they detect when scanning before users download but also about being able to pull infected applications from users devices as soon as they are discovered. 

[darknessblade]

Is it just me or does apple love getting fined by the EU for breaking DSA regulations.

 

This is a clear "F-U" where they try to squeeze as much power as they can, hoping the EU won't notice, and let them have their way.

 

 

[hishnash]

On 3/15/2024 at 9:30 AM, darknessblade said:

Is it just me or does apple love getting fined by the EU for breaking DSA regulations.

 

Apple is not going to get fined so long as the continue to adjust what they do whenever the EU say its not enough.  The fine only happens if they refuse to adjust.

The EU commission will look at what apple have done, then say "well we don't like X" apple will then counter propose then the EU will come back a week later "nice but Y" apple will response and the cycle continues.

The fine only apples if the EU say "We don't like X" and apple say "we don't care" at that point the EU might opt to start a legal process (that takes months if not years) before they issue a fine... at any point during this time if apple change the rules and alter stuff about X then the legal process needs to be re-started/modifed.

The thing about the DMA is that while it is very long it does not provide detail about how companies should comply, this lack of detail (leaving it up to the impmntations) means they cant issue a fine without first asking for changes since they did not provide clear black and white detail on what they wanted (the courts will not issue a 10% global revenue fine were there is a grey area on what was needed and the DMA text is full of grey areas).    Apple have (even in the very first proposal) complied with all the clear black and white requirements (they even went further than needed and then were told by the EU that they did not need to for the web-apps). 

[Mark Kaine]

On 3/14/2024 at 9:27 PM, hishnash said:

apple need to think they have a strong enough case to be worth 10% of annual global revenue if they loos

nah that's not how it works... if apple loses they'll just oblige and "allow" the developer,  it was just a "honest mistake" bro, they will not be fined 10% of annual global revenue for that (as much as i wish they would lol)

[Mark Kaine]

On 3/14/2024 at 9:30 PM, darknessblade said:

Is it just me or does apple love getting fined by the EU for breaking DSA regulations.

 

This is a clear "F-U" where they try to squeeze as much power as they can, hoping the EU won't notice, and let them have their way.

 

 

from a evil corporate perspective that makes sense tho, wouldn't you think?

 

has been apples approach from the get go, do the opposite of what the laws require and see what the eu does, if they even notice... (they almost didn't notice lol) they'll keep doing this as much they can, naturally. 

[hishnash]

9 minutes ago, Mark Kaine said:

nah that's not how it works... if apple loses they'll just oblige and "allow" the developer,  it was just a "honest mistake" bro, they will not be fined 10% of annual global revenue for that (as much as i wish they would lol)

Apple would only be fined if they refused to comply with the EU, but they can block a dev, and the dev can appeal to the EU if the EU side with the dev so long as apple let them back apple will not be fined.

 

 

[Avocado Diaboli]

17 minutes ago, hishnash said:

Apple would only be fined if they refused to comply with the EU, but they can block a dev, and the dev can appeal to the EU if the EU side with the dev so long as apple let them back apple will not be fined.

That's a gross oversimplification. Breaking a law can carry a fine regardless of if you improve afterwards or decide to double down. So if Apple purposely abuse their power, they can be fined even if they reinstate someone's account after wrongful termination. The act of breaking the law is a refusal to comply in the first place.

[hishnash]

6 minutes ago, Avocado Diaboli said:

Breaking a law can carry a fine regardless of if you improve afterwards or decide to double down.

Banning a developer so long as apple have a reason for it, aka they have published a scam or malware would not be considered as abuse of power so long as apple have evidence to back up the claim, even if later the Eu consider that to not be enough as long as it is readable that it could have been enough apple can suspend/ban an account the DMA grants that right to the gatekeeper. 

If they just randomly ban a dev without course then yes but apple is not going to do that, they don't do that today no idea why people think they would suddenly start in the EU. 

[Mark Kaine]

34 minutes ago, hishnash said:

Apple would only be fined if they refused to comply with the EU, but they can block a dev, and the dev can appeal to the EU if the EU side with the dev so long as apple let them back apple will not be fined.

 

 

that's what i was saying,  except if they lose the legal battle they *will* be fined , just not the full 10% or even close, because its likely just a "minor infraction" so maybe 2m.

 

And then they'll do it again,  and again... just to grind out more opportunities to bend the rules.

 

lets be clear apple isnt the good guy here, their predatory behavior has been one of the driving forces behind these regulations,  and they don't like it at all.

[Mark Kaine]

13 minutes ago, hishnash said:

Banning a developer so long as apple have a reason for it, aka they have published a scam or malware would not be considered as abuse of power so long as apple have evidence to back up the claim, even if later the Eu consider that to not be enough as long as it is readable that it could have been enough apple can suspend/ban an account the DMA grants that right to the gatekeeper. 

If they just randomly ban a dev without course then yes but apple is not going to do that, they don't do that today no idea why people think they would suddenly start in the EU. 

because they just recently did that with epic games (again)?

 

the first time was understandable because epic kinda asked for it but this time it seemed just petty,  so excuse me, but a lot of people will think apple will continue doing this to devs they don't like (such as epic games)

[hishnash]

12 minutes ago, Mark Kaine said:

because they just recently did that with epic games (again)?

So the reason apple banned them a second time was that they did not even intend to give them an account the second time, when you apply for a dev account with apple, apple does not do a manual review of you, a third party legal company does a validation (normally D&B) that you are a legal registered company and then creates the account.

And since apple had legal reasons to suspect epic was not going to follow the rules, a pattern of behaviour that was repeating itself. They banned them and the EU did not attempt to fine apple for it, instead the EU asked epic if epic is going to follow the rules and Epic confirmed they will.. this is all apple wanted in the end since now if/when epic do break the rules the EU is not going to be as kind to them since it will have made the EU look bad for believing them. 

[GoStormPlays]

here's the best solution to this all:

 

Apple just back off

[Dracarris]

On 3/14/2024 at 1:35 AM, Biohazard777 said:

How about they put the option to allow sideloading, but disable it by default and bury it deep inside the settings?
Heck, they can even add a requirement to solve 10  captchas in order toggle sideloading on... that should keep elderly relatives from accidentally enabling it.

To have a scammer from a far far country (called John, Jim, or Dave) on the phone carefully walk them through the process "to increase security"?

 

Nah, would never happen.

[Biohazard777]

8 hours ago, Dracarris said:

To have a scammer from a far far country (called John, Jim, or Dave) on the phone carefully walk them through the process "to increase security"?

 

Nah, would never happen.

So the scammer John has a victim (elderly person) on the phone and has to walk the said victim through 10 captchas (good luck John) so that the victim can then download and sideload an app...
Say that happens, and then what?

[GoStormPlays]

16 minutes ago, Biohazard777 said:

So the scammer John has a victim (elderly person) on the phone and has to walk the said victim through 10 captchas (good luck John) so that the victim can then download and sideload an app...
Say that happens, and then what?

If you can make that person solve all 10 captchas, then how much harder would it be to just socially engineer them into giving the scammer credit card information/account passwords just outright?